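--- /dev/null
+++ b/paper/access.aux
@@ -0,0 +1,148 @@
+\relax
+\providecommand\babel@aux[2]{}
+\@nameuse{bbl@beforestart}
+\providecommand\hyper@newdestlabel[2]{}
+\providecommand\HyField@AuxAddToFields[1]{}
+\providecommand\HyField@AuxAddToCoFields[2]{}
+\citation{malul2024}
+\citation{kyverno_docs}
+\citation{borg}
+\citation{kyverno_docs}
+\citation{kyverno_docs}
+\citation{malul2024}
+\citation{kyverno_docs}
+\citation{borg}
+\babel@aux{english}{}
+\@writefile{toc}{\contentsline {section}{\numberline {1}Importance of the Problem}{1}{section.1}\protected@file@percent }
+\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Comparison of automated Kubernetes remediation systems (Oct.~2025 snapshot).}}{2}{table.1}\protected@file@percent }
+\newlabel{tab:comparison}{{1}{2}{Comparison of automated Kubernetes remediation systems (Oct.~2025 snapshot)}{table.1}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces Head-to-head policy-level acceptance on the 500-manifest security-context slice. Counts and rates regenerate from \url {https://github.com/bmendonca3/k8s-auto-fix/blob/main/data/detections.json}, \url {https://github.com/bmendonca3/k8s-auto-fix/blob/main/data/verified.json}, and baseline CSVs under \url {https://github.com/bmendonca3/k8s-auto-fix/tree/main/data/baselines}.}}{2}{table.2}\protected@file@percent }
+\newlabel{tab:baselines}{{2}{2}{Head-to-head policy-level acceptance on the 500-manifest security-context slice. Counts and rates regenerate from \url {https://github.com/bmendonca3/k8s-auto-fix/blob/main/data/detections.json}, \url {https://github.com/bmendonca3/k8s-auto-fix/blob/main/data/verified.json}, and baseline CSVs under \url {https://github.com/bmendonca3/k8s-auto-fix/tree/main/data/baselines}}{table.2}{}}
+\@writefile{toc}{\contentsline {section}{\numberline {2}Related Work}{2}{section.2}\protected@file@percent }
+\citation{b1}
+\citation{b3}
+\citation{b2}
+\citation{kube_linter_docs}
+\citation{kyverno_docs}
+\citation{opa_gatekeeper}
+\citation{kubectl_reference}
+\citation{aardvark}
+\citation{kubeintellect}
+\@writefile{toc}{\contentsline {section}{\numberline {3}System Design}{3}{section.3}\protected@file@percent }
+\newlabel{sec:system-design}{{3}{3}{System Design}{section.3}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Notation}{3}{subsection.3.1}\protected@file@percent }
+\newlabel{sec:notation}{{3.1}{3}{Notation}{subsection.3.1}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}End-to-End Walkthrough on Real Manifests}{3}{subsection.3.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Research Questions and Findings}{4}{subsection.3.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}Implementation and Metrics}{4}{section.4}\protected@file@percent }
+\newlabel{sec:impl-metrics}{{4}{4}{Implementation and Metrics}{section.4}{}}
+\citation{joseph2016}
+\@writefile{lot}{\contentsline {table}{\numberline {3}{\ignorespaces At-a-glance comparison across remediation steps.}}{5}{table.3}\protected@file@percent }
+\newlabel{tab:glance}{{3}{5}{At-a-glance comparison across remediation steps}{table.3}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}The Closed-Loop Pipeline}{5}{subsection.4.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Verification Gates}{5}{subsection.4.2}\protected@file@percent }
+\citation{artifacthub}
+\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces Closed-loop architecture with detector, proposer, and verifier gates (policy re-check, schema validation, \texttt {kubectl apply --dry-run=server}) feeding the risk-aware scheduler. The scheduler consumes \texttt {policy\_metrics.json} entries \{${p}$, $\mathbb {E}[t]$, $R$, KEV\} to score work using the scheduling function.}}{6}{figure.1}\protected@file@percent }
+\newlabel{fig:architecture}{{1}{6}{Closed-loop architecture with detector, proposer, and verifier gates (policy re-check, schema validation, \texttt {kubectl apply --dry-run=server}) feeding the risk-aware scheduler. The scheduler consumes \texttt {policy\_metrics.json} entries \{${p}$, $\mathbb {E}[t]$, $R$, KEV\} to score work using the scheduling function}{figure.1}{}}
+\@writefile{toc}{\contentsline {section}{\numberline {5}Implementation Status and Evidence}{6}{section.5}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Sample Detection Record}{6}{subsection.5.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.2}Unit Test Evidence}{6}{subsection.5.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.3}Dataset and Configuration}{6}{subsection.5.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.4}Evaluation Results}{6}{subsection.5.4}\protected@file@percent }
+\newlabel{sec:evaluation}{{5.4}{6}{Evaluation Results}{subsection.5.4}{}}
+\citation{xai_pricing}
+\@writefile{lot}{\contentsline {table}{\numberline {4}{\ignorespaces Evidence for each stage of the implemented pipeline (October 2025 snapshot).}}{7}{table.4}\protected@file@percent }
+\newlabel{tab:evidence}{{4}{7}{Evidence for each stage of the implemented pipeline (October 2025 snapshot)}{table.4}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {5}{\ignorespaces Execution environment for the reproduced rule-mode evaluations.}}{7}{table.5}\protected@file@percent }
+\newlabel{tab:environment}{{5}{7}{Execution environment for the reproduced rule-mode evaluations}{table.5}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {6}{\ignorespaces LLM-backed proposer configuration for Grok/xAI sweeps (values from \texttt {configs/run.yaml}).}}{7}{table.6}\protected@file@percent }
+\newlabel{tab:llm_config}{{6}{7}{LLM-backed proposer configuration for Grok/xAI sweeps (values from \texttt {configs/run.yaml})}{table.6}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {7}{\ignorespaces Top 10 Grok/xAI Failure Causes and Latencies}}{8}{table.7}\protected@file@percent }
+\newlabel{tab:grok_failures}{{7}{8}{Top 10 Grok/xAI Failure Causes and Latencies}{table.7}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {8}{\ignorespaces Detector performance on synthetic hold-out manifests ($n=9$). Note: These are hand-crafted test cases with obvious violations; real-world performance is validated through live-cluster evaluation.}}{8}{table.8}\protected@file@percent }
+\newlabel{tab:detector_performance}{{8}{8}{Detector performance on synthetic hold-out manifests ($n=9$). Note: These are hand-crafted test cases with obvious violations; real-world performance is validated through live-cluster evaluation}{table.8}{}}
+\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Median wait time (bars) and P95 error bars for each risk tier. Bandit scheduling keeps the top quartile under 0.7~h while FIFO defers the same items for 26--50~h, illustrating the fairness gains summarized in \url {data/scheduler/metrics_schedule_sweep.json} and \url {data/scheduler/metrics_sweep_live.json}.}}{8}{figure.2}\protected@file@percent }
+\newlabel{fig:fairness}{{2}{8}{Median wait time (bars) and P95 error bars for each risk tier. Bandit scheduling keeps the top quartile under 0.7~h while FIFO defers the same items for 26--50~h, illustrating the fairness gains summarized in \url {data/scheduler/metrics_schedule_sweep.json} and \url {data/scheduler/metrics_sweep_live.json}}{figure.2}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {9}{\ignorespaces Verifier failure taxonomy comparing the rules baseline (pre-fixture) against the supported corpus after fixture seeding. Counts derive from \url {data/failures/taxonomy_counts.csv} generated by \texttt {scripts/aggregate\_failure\_taxonomy.py}.}}{9}{table.9}\protected@file@percent }
+\newlabel{tab:failure_taxonomy}{{9}{9}{Verifier failure taxonomy comparing the rules baseline (pre-fixture) against the supported corpus after fixture seeding. Counts derive from \protect \url {data/failures/taxonomy_counts.csv} generated by \texttt {scripts/aggregate\_failure\_taxonomy.py}}{table.9}{}}
+\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces Comparison of admission-time (Kyverno) and post-hoc (\texttt {k8s-auto-fix}) policy enforcement on overlapping policies (seed=1337).}}{9}{figure.3}\protected@file@percent }
+\newlabel{fig:admission_vs_posthoc}{{3}{9}{Comparison of admission-time (Kyverno) and post-hoc (\texttt {k8s-auto-fix}) policy enforcement on overlapping policies (seed=1337)}{figure.3}{}}
+\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces Acceptance comparison between rules-only, LLM-only, and hybrid remediation modes (\url {data/baselines/mode_comparison.csv}).}}{9}{figure.4}\protected@file@percent }
+\newlabel{fig:mode_comparison}{{4}{9}{Acceptance comparison between rules-only, LLM-only, and hybrid remediation modes (\protect \url {data/baselines/mode_comparison.csv})}{figure.4}{}}
+\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces Operator A/B study results comparing bandit scheduler against baseline modes (simulated). Dual-axis chart shows acceptance rate (green bars) and mean wait time (blue bars) across 247 simulated queue assignments (\url {data/operator\_ab/summary\_simulated.csv}).}}{9}{figure.5}\protected@file@percent }
+\newlabel{fig:operator_ab}{{5}{9}{Operator A/B study results comparing bandit scheduler against baseline modes (simulated). Dual-axis chart shows acceptance rate (green bars) and mean wait time (blue bars) across 247 simulated queue assignments (\protect \url {data/operator\_ab/summary\_simulated.csv})}{figure.5}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.5}Threat Model}{9}{subsection.5.5}\protected@file@percent }
+\citation{nvd,epss}
+\citation{cisa_kev}
+\@writefile{lot}{\contentsline {table}{\numberline {10}{\ignorespaces Risk calibration summary derived from \url {data/risk/risk_calibration.csv}. $\Delta R$ uses policy risk weights; “per time unit” divides by summed expected-time priors.}}{10}{table.10}\protected@file@percent }
+\newlabel{tab:risk_calibration}{{10}{10}{Risk calibration summary derived from \protect \url {data/risk/risk_calibration.csv}. $\Delta R$ uses policy risk weights; “per time unit” divides by summed expected-time priors}{table.10}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {11}{\ignorespaces Acceptance and latency summary (seed 1337). Results generated from \url {data/eval/unified_eval_summary.json}.}}{10}{table.11}\protected@file@percent }
+\newlabel{tab:eval_summary}{{11}{10}{Acceptance and latency summary (seed 1337). Results generated from \protect \url {data/eval/unified_eval_summary.json}}{table.11}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.6}Threats and Mitigations}{10}{subsection.5.6}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.7}Threat Intelligence and Risk Scoring (CVE/KEV/EPSS)}{10}{subsection.5.7}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.8}Guidance Refresh and RAG Hooks}{10}{subsection.5.8}\protected@file@percent }
+\citation{auer2002}
+\@writefile{lot}{\contentsline {table}{\numberline {12}{\ignorespaces Guardrail example: Cilium DaemonSet patch (excerpt).}}{11}{table.12}\protected@file@percent }
+\newlabel{tab:cilium_patch}{{12}{11}{Guardrail example: Cilium DaemonSet patch (excerpt)}{table.12}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {13}{\ignorespaces Cross-Cluster Replication Results}}{11}{table.13}\protected@file@percent }
+\newlabel{tab:cross_cluster_replication}{{13}{11}{Cross-Cluster Replication Results}{table.13}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.9}Risk-Bandit Scheduler with Aging and KEV Preemption}{11}{subsection.5.9}\protected@file@percent }
+\newlabel{eq:scheduler_score}{{1}{11}{Risk-Bandit Scheduler with Aging and KEV Preemption}{equation.5.1}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.10}Baselines and Ablations}{11}{subsection.5.10}\protected@file@percent }
+\@writefile{lot}{\contentsline {table}{\numberline {14}{\ignorespaces Verifier gate ablation using 19 patched samples (\texttt {data/ablation/verifier\_gate\_metrics.json}). Acceptance reports the share of patches passing under the scenario; escapes count regressions that the full verifier blocks.}}{12}{table.14}\protected@file@percent }
+\newlabel{tab:verifier_ablation}{{14}{12}{Verifier gate ablation using 19 patched samples (\texttt {data/ablation/verifier\_gate\_metrics.json}). Acceptance reports the share of patches passing under the scenario; escapes count regressions that the full verifier blocks}{table.14}{}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {5.11}Metrics and Measurement}{12}{subsection.5.11}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {6}Limitations and Mitigations}{12}{section.6}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {7}Discussion and Future Work}{12}{section.7}\protected@file@percent }
+\citation{xai_pricing}
+\bibstyle{IEEEtran}
+\bibcite{cis_benchmarks}{1}
+\bibcite{pss}{2}
+\bibcite{opa_gatekeeper}{3}
+\bibcite{kube_linter_docs}{4}
+\bibcite{k8s_security_context}{5}
+\bibcite{rfc6902}{6}
+\bibcite{kubectl_reference}{7}
+\bibcite{xai_pricing}{8}
+\bibcite{k8s_seccomp}{9}
+\bibcite{nvd}{10}
+\bibcite{cisa_kev}{11}
+\bibcite{epss}{12}
+\bibcite{trivy}{13}
+\bibcite{grype}{14}
+\bibcite{swe_bench_verified}{15}
+\bibcite{llmsecconfig}{16}
+\bibcite{malul2024}{17}
+\bibcite{kubellm}{18}
+\bibcite{kyverno_docs}{19}
+\bibcite{borg}{20}
+\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces Risk-Bandit scheduling loop (aging + KEV preemption) maximizing expected risk reduction per unit time with exploration and fairness.}}{13}{figure.6}\protected@file@percent }
+\newlabel{fig:bandit-pseudocode}{{6}{13}{Risk-Bandit scheduling loop (aging + KEV preemption) maximizing expected risk reduction per unit time with exploration and fairness}{figure.6}{}}
+\@writefile{toc}{\contentsline {section}{References}{13}{section*.1}\protected@file@percent }
+\bibcite{artifacthub}{21}
+\bibcite{auer2002}{22}
+\bibcite{joseph2016}{23}
+\bibcite{aardvark}{24}
+\bibcite{kubeintellect}{25}
+\bibcite{b1}{26}
+\bibcite{b2}{27}
+\bibcite{b3}{28}
+\@writefile{toc}{\contentsline {section}{Biographies}{14}{IEEEbiography.0}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{Brian Mendonca}{14}{IEEEbiography.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{Vijay K. Madisetti}{14}{IEEEbiography.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{Appendix\nobreakspace A: Grok/xAI Failure Analysis}{15}{section*.2}\protected@file@percent }
+\newlabel{app:grok_failures}{{A}{15}{\appendixname \nobreakspace \thesectiondis \\* Grok/xAI Failure Analysis}{section*.2}{}}
+\@writefile{toc}{\contentsline {section}{Appendix\nobreakspace B: Risk Score Worked Example}{16}{section*.3}\protected@file@percent }
+\newlabel{app:risk_example}{{B}{16}{\appendixname \nobreakspace \thesectiondis \\* Risk Score Worked Example}{section*.3}{}}
+\@writefile{toc}{\contentsline {section}{Appendix\nobreakspace C: Acronym Glossary}{17}{section*.4}\protected@file@percent }
+\newlabel{app:acronyms}{{C}{17}{\appendixname \nobreakspace \thesectiondis \\* Acronym Glossary}{section*.4}{}}
+\@writefile{toc}{\contentsline {section}{Appendix\nobreakspace D: Artifact Index}{18}{section*.5}\protected@file@percent }
+\newlabel{app:artifact_index}{{D}{18}{\appendixname \nobreakspace \thesectiondis \\* Artifact Index}{section*.5}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {15}{\ignorespaces Primary artifacts bundled with the paper.}}{18}{table.15}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{Appendix\nobreakspace E: Evaluation Artifact Manifest}{19}{section*.6}\protected@file@percent }
+\newlabel{app:artifact_manifest}{{E}{19}{\appendixname \nobreakspace \thesectiondis \\* Evaluation Artifact Manifest}{section*.6}{}}
+\@writefile{lot}{\contentsline {table}{\numberline {16}{\ignorespaces Key evaluation artifacts with record counts and purposes for full reproducibility.}}{19}{table.16}\protected@file@percent }
+\newlabel{tab:artifact_manifest}{{16}{19}{Key evaluation artifacts with record counts and purposes for full reproducibility}{table.16}{}}
+\@writefile{toc}{\contentsline {section}{Appendix\nobreakspace F: Corpus Mining and Integrity}{20}{section*.7}\protected@file@percent }
+\newlabel{app:corpus}{{F}{20}{\appendixname \nobreakspace \thesectiondis \\* Corpus Mining and Integrity}{section*.7}{}}
+\gdef \@abspage@last{20}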